Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
|
|
||
| export RAILS_ENV="${RAILS_ENV:-production}" | ||
| export NODE_ENV="${NODE_ENV:-production}" | ||
| export SECRET_KEY_BASE="${SECRET_KEY_BASE:-${SECRET_KEY_BASE_DUMMY:-test-secret-key-base}}" |
There was a problem hiding this comment.
SECRET_KEY_BASE fallback uses boolean flag as secret value
Low Severity
The nested parameter expansion ${SECRET_KEY_BASE:-${SECRET_KEY_BASE_DUMMY:-test-secret-key-base}} conflates the SECRET_KEY_BASE_DUMMY boolean flag with an actual secret key value. When the Dockerfile invokes SECRET_KEY_BASE_DUMMY=1 ./bin/build-production, this line sets SECRET_KEY_BASE to the literal string "1" — the flag's value, not a proper key. While Rails' SECRET_KEY_BASE_DUMMY mechanism generates a real dummy key internally (so the build succeeds), exporting SECRET_KEY_BASE=1 into the environment is semantically incorrect and could cause subtle issues if any code reads ENV["SECRET_KEY_BASE"] directly rather than going through Rails.application.secret_key_base.
Reviewed by Cursor Bugbot for commit fc397aa. Configure here.
|
Warning Rate limit exceeded
Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 23 minutes and 3 seconds. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: ⛔ Files ignored due to path filters (2)
📒 Files selected for processing (24)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
Bugbot Autofix is ON, but it could not run because on-demand usage is turned off. To enable Bugbot Autofix, turn on on-demand usage and set a spend limit in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 0910a27. Configure here.
| ruby -e 'require "yaml"; app = ARGV.fetch(0); data = YAML.load_file(".controlplane/controlplane.yml", aliases: true); app_config = data.fetch("apps").fetch(app); workloads = Array(app_config["app_workloads"]); workloads = ["rails"] if workloads.empty?; puts workloads.join(",")' "${{ vars.PRODUCTION_APP_NAME }}" | ||
| )" | ||
|
|
||
| echo "names=${workloads}" >> "$GITHUB_OUTPUT" |
There was a problem hiding this comment.
Workload resolution uses Ruby before setup-ruby runs
Medium Severity
The Resolve production app workloads step calls ruby -e with YAML.load_file(..., aliases: true) before the Setup production environment step runs ruby/setup-ruby. This relies on the system Ruby pre-installed on the GitHub runner. The aliases: keyword argument requires Psych 4+ (Ruby 3.1+). While current ubuntu-latest (24.04) ships Ruby 3.2+, this creates a fragile implicit dependency on the runner's system Ruby version and feature set, separate from the explicitly declared Ruby 3.4.6 in the setup action.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 0910a27. Configure here.
1 participant
Summary
Testing
Note
Medium Risk
Adds new deployment automation and changes the production Docker build/runtime (Node/SSR bundle generation), which can impact deploy reliability and runtime behavior if misconfigured.
Overview
Adds Control Plane (
cpflow) scaffolding and GitHub Actions to support opt-in review apps, automatic staging deploys, scheduled cleanup of stale review apps, and manual promotion from staging to production (including basic health-check/rollback logic).Updates the production
Dockerfileto install Node in build+runtime, run a newbin/build-productionstep to regenerate and compile React on Rails client+SSR bundles beforeassets:precompile, and keep Node available for ExecJS SSR at runtime.Tightens supporting tooling/config: adds Control Plane templates (GVC, workload, persistent
/rails/storagevolume,db:preparerelease script), updates CI to build JS packs during tests, bumpsbrakeman, pinsreact-on-railsin npm, and refreshes README/docs for the new flow.Reviewed by Cursor Bugbot for commit 288dd05. Bugbot is set up for automated code reviews on this repo. Configure here.